I think someone has gotten into my PC. I don't know how to kick them out and shut the doors on them. I'm leaving a GMER log in case it helps.
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-05-29 21:24:33
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002a WDC_WD6400AAKS-22A7B2 rev.01.03B01 596,17GB
Running: gmer.exe; Driver: C:\Users\Ismael\AppData\Local\Temp\kwldapow.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Files - GMER 2.1 ----
File C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt 0 bytes
---- Processes - GMER 2.1 ----
Library C:\Users\Ismael\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\dbghelp.dll (*** suspicious ***) @ C:\Users\Ismael\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\Install.exe [3236] (Windows Image Helper/Microsoft Corporation)(2015-05-29 18:53:39) 0000000003000000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\SDScannerService@ServiceWebPortFileScannerActive 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SDScannerService@ServiceWebPortFirewallActive 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SDUpdateService@ServiceWebPortActive 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x06 0x1B 0xE8 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\ACR0064LEF080014210_27_07D8_14^6742D576E8B376F69DE478D074E6BE99@Timestamp 0x39 0x11 0xC6 0x7A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh 0x4C 0x96 0xE8 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x4E 0x78 0x78 0x78 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified 0x80 0x65 0xA0 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xD3 0xDF 0xEC 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xDC 0x7D 0x75 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{085C6A7A-42BB-4ED9-8B2A-B9DF3399F17D}@ReusableType 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter 10
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@es-ES 107
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 109
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 110
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 12
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1404916693
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0DE6CB9-1CE3-4564-8022-2A8994DE884D}@LeaseObtainedTime 1432925081
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D0DE6CB9-1CE3-4564-8022-2A8994DE884D}\Parameters\Tcpip@LeaseObtainedTime 1432925081
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{da712857-c08b-4588-a532-1267e5630c15}@LastProbeTime 1432932483
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0DE6CB9-1CE3-4564-8022-2A8994DE884D}@T1 1433054681
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D0DE6CB9-1CE3-4564-8022-2A8994DE884D}\Parameters\Tcpip@T1 1433054681
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0DE6CB9-1CE3-4564-8022-2A8994DE884D}@T2 1433151881
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D0DE6CB9-1CE3-4564-8022-2A8994DE884D}\Parameters\Tcpip@T2 1433151881
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0DE6CB9-1CE3-4564-8022-2A8994DE884D}@LeaseTerminatesTime 1433184281
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D0DE6CB9-1CE3-4564-8022-2A8994DE884D}\Parameters\Tcpip@LeaseTerminatesTime 1433184281
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 1848
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 1848 1854
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 1849
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 1860
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 1861
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 18633
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 365
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 443962743
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 4521682
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 4a0723e4-2b0e-4596-9836-d067833
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 54
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 800
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?vi.?, ?may. ?29 ?15, 08:50:14?????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{085C6A7A-42BB-4ED9-8B2A-B9DF3399F17D}\Connection@Name Reusable ISATAP Interface {085C6A7A-42BB-4ED9-8B2A-B9DF3399F17D}
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{085C6A7A-42BB-4ED9-8B2A-B9DF3399F17D}@InterfaceName Reusable ISATAP Interface {085C6A7A-42BB-4ED9-8B2A-B9DF3399F17D}
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\svchost.exe [1548:3560] 00007fff39881b70
Thread C:\WINDOWS\system32\svchost.exe [1548:3536] 00007fff39c54440
Thread C:\WINDOWS\system32\svchost.exe [1548:3540] 00007fff40f41600
Thread C:\WINDOWS\system32\csrss.exe [596:632] fffff960009be2d0
---- EOF - GMER 2.1 ----
Rootkit revealer
http://www.filehippo.com/es/download_rootkit_revealer/
TDS Killer
http://support.kaspersky.com/viruses/solutions/5353
Thank you very much for the help, but Rootkit Revealer won't start for me, not even when I run it as administrator. What should I do?
I recently saw that it can have problems running on Windows Seven. Did you try the Kaspersky one? You could also try this other one:
GMER
http://www.gmer.net/